Repository: sentry Updated Branches: refs/heads/SENTRY-1881 [created] e67b743bf
SENTRY-1881 PrivilegeOperatePersistence throws wrong type of exceptions Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/e67b743b Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/e67b743b Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/e67b743b Branch: refs/heads/SENTRY-1881 Commit: e67b743bf22d4a30fef17baf5ec521eaf75f1193 Parents: 9681099 Author: Alexander Kolbasov <[email protected]> Authored: Fri Aug 11 16:51:09 2017 -0700 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Aug 11 16:51:09 2017 -0700 ---------------------------------------------------------------------- .../core/common/BitFieldActionFactory.java | 6 +- .../core/model/sqoop/SqoopActionFactory.java | 15 ++-- .../persistent/PrivilegeOperatePersistence.java | 78 ++++++++++---------- 3 files changed, 51 insertions(+), 48 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/e67b743b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldActionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldActionFactory.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldActionFactory.java index 3789da7..ac98779 100644 --- a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldActionFactory.java +++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/BitFieldActionFactory.java @@ -17,6 +17,8 @@ */ package org.apache.sentry.core.common; +import org.apache.sentry.core.common.exception.SentryUserException; + import java.util.List; public abstract class BitFieldActionFactory { @@ -27,11 +29,11 @@ public abstract class BitFieldActionFactory { * @param actionCode * @return The BitFieldAction List */ - public abstract List<? extends BitFieldAction> getActionsByCode(int actionCode); + public abstract List<? extends BitFieldAction> getActionsByCode(int actionCode) throws SentryUserException; /** * Get the BitFieldAction from the given name * @param name * @return */ - public abstract BitFieldAction getActionByName(String name); + public abstract BitFieldAction getActionByName(String name) throws SentryUserException; } http://git-wip-us.apache.org/repos/asf/sentry/blob/e67b743b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java ---------------------------------------------------------------------- diff --git a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java index e7ba5f1..cd05831 100644 --- a/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java +++ b/sentry-core/sentry-core-model-sqoop/src/main/java/org/apache/sentry/core/model/sqoop/SqoopActionFactory.java @@ -22,6 +22,7 @@ import org.apache.sentry.core.common.BitFieldAction; import org.apache.sentry.core.common.BitFieldActionFactory; import com.google.common.collect.Lists; +import org.apache.sentry.core.common.exception.SentryUserException; public class SqoopActionFactory extends BitFieldActionFactory { enum SqoopActionType { @@ -44,16 +45,16 @@ public class SqoopActionFactory extends BitFieldActionFactory { return name; } - static SqoopActionType getActionByName(String name) { + static SqoopActionType getActionByName(String name) throws SentryUserException { for (SqoopActionType action : SqoopActionType.values()) { if (action.name.equalsIgnoreCase(name)) { return action; } } - throw new RuntimeException("can't get sqoopActionType by name:" + name); + throw new SentryUserException("can't get sqoopActionType by name:" + name); } - static List<SqoopActionType> getActionByCode(int code) { + static List<SqoopActionType> getActionByCode(int code) throws SentryUserException { List<SqoopActionType> actions = Lists.newArrayList(); for (SqoopActionType action : SqoopActionType.values()) { if ((action.code & code) == action.code && action != SqoopActionType.ALL) { @@ -62,14 +63,14 @@ public class SqoopActionFactory extends BitFieldActionFactory { } } if (actions.isEmpty()) { - throw new RuntimeException("can't get sqoopActionType by code:" + code); + throw new SentryUserException("can't get sqoopActionType by code:" + code); } return actions; } } public static class SqoopAction extends BitFieldAction { - public SqoopAction(String name) { + public SqoopAction(String name) throws SentryUserException { this(SqoopActionType.getActionByName(name)); } public SqoopAction(SqoopActionType sqoopActionType) { @@ -78,7 +79,7 @@ public class SqoopActionFactory extends BitFieldActionFactory { } @Override - public BitFieldAction getActionByName(String name) { + public BitFieldAction getActionByName(String name) throws SentryUserException { //Check the name is All if (SqoopActionConstant.ALL_NAME.equalsIgnoreCase(name)) { return new SqoopAction(SqoopActionType.ALL); @@ -87,7 +88,7 @@ public class SqoopActionFactory extends BitFieldActionFactory { } @Override - public List<? extends BitFieldAction> getActionsByCode(int code) { + public List<? extends BitFieldAction> getActionsByCode(int code) throws SentryUserException { List<SqoopAction> actions = Lists.newArrayList(); for (SqoopActionType action : SqoopActionType.getActionByCode(code)) { actions.add(new SqoopAction(action)); http://git-wip-us.apache.org/repos/asf/sentry/blob/e67b743b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java index 37484ed..d8b4887 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java @@ -74,7 +74,7 @@ public class PrivilegeOperatePersistence { private final Configuration conf; - public PrivilegeOperatePersistence(Configuration conf) { + PrivilegeOperatePersistence(Configuration conf) { this.conf = conf; } @@ -131,7 +131,7 @@ public class PrivilegeOperatePersistence { * @param privilege Source privilege * @return ParamBuilder suitable for executing the query */ - public static QueryParamBuilder populateIncludePrivilegesParams(MSentryGMPrivilege privilege) { + private static QueryParamBuilder populateIncludePrivilegesParams(MSentryGMPrivilege privilege) { QueryParamBuilder paramBuilder = QueryParamBuilder.newQueryParamBuilder(); paramBuilder.add(SERVICE_NAME, toNULLCol(privilege.getServiceName()), true); paramBuilder.add(COMPONENT_NAME, toNULLCol(privilege.getComponentName()), true); @@ -184,8 +184,8 @@ public class PrivilegeOperatePersistence { } private void grantRolePartial(MSentryGMPrivilege grantPrivilege, - MSentryRole role,PersistenceManager pm) { - /** + MSentryRole role,PersistenceManager pm) throws SentryUserException { + /* * If Grant is for ALL action and other actions belongs to ALL action already exists.. * need to remove it and GRANT ALL action */ @@ -194,7 +194,7 @@ public class PrivilegeOperatePersistence { BitFieldAction allAction = getAction(component, Action.ALL); if (action.implies(allAction)) { - /** + /* * ALL action is a multi-bit set action that includes some actions such as INSERT,SELECT and CREATE. */ List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); @@ -202,7 +202,7 @@ public class PrivilegeOperatePersistence { grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { - /** + /* * force to load all roles related this privilege * avoid the lazy-loading risk,such as: * if the roles field of privilege aren't loaded, then the roles is a empty set @@ -215,7 +215,7 @@ public class PrivilegeOperatePersistence { } } } else { - /** + /* * If ALL Action already exists.. * do nothing. */ @@ -226,11 +226,11 @@ public class PrivilegeOperatePersistence { } } - /** + /* * restore the action */ grantPrivilege.setAction(action.getValue()); - /** + /* * check the privilege is exist or not */ MSentryGMPrivilege mPrivilege = getPrivilege(grantPrivilege, pm); @@ -247,18 +247,18 @@ public class PrivilegeOperatePersistence { if (mPrivilege == null) { mPrivilege = convertToPrivilege(privilege); } else { - mPrivilege = (MSentryGMPrivilege) pm.detachCopy(mPrivilege); + mPrivilege = pm.detachCopy(mPrivilege); } Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(Sets.newHashSet(role), mPrivilege, pm)); - /** + /* * Get the privilege graph * populateIncludePrivileges will get the privileges that needed revoke */ for (MSentryGMPrivilege persistedPriv : privilegeGraph) { - /** + /* * force to load all roles related this privilege * avoid the lazy-loading risk,such as: * if the roles field of privilege aren't loaded, then the roles is a empty set @@ -298,25 +298,25 @@ public class PrivilegeOperatePersistence { */ private void revokeRolePartial(MSentryGMPrivilege revokePrivilege, MSentryGMPrivilege persistedPriv, MSentryRole role, - PersistenceManager pm) { + PersistenceManager pm) throws SentryUserException { String component = revokePrivilege.getComponentName(); BitFieldAction revokeaction = getAction(component, revokePrivilege.getAction()); BitFieldAction persistedAction = getAction(component, persistedPriv.getAction()); BitFieldAction allAction = getAction(component, Action.ALL); if (revokeaction.implies(allAction)) { - /** + /* * if revoke action is ALL, directly revoke its children privileges and itself */ persistedPriv.removeRole(role); pm.makePersistent(persistedPriv); } else { - /** + /* * if persisted action is ALL, it only revoke the requested action and left partial actions * like the requested action is SELECT, the UPDATE and CREATE action are left */ if (persistedAction.implies(allAction)) { - /** + /* * revoke the ALL privilege */ persistedPriv.removeRole(role); @@ -325,7 +325,7 @@ public class PrivilegeOperatePersistence { List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); for (BitFieldAction ac: actions) { if (ac.getActionCode() != revokeaction.getActionCode()) { - /** + /* * grant the left privileges to role */ MSentryGMPrivilege tmpPriv = new MSentryGMPrivilege(persistedPriv); @@ -341,14 +341,14 @@ public class PrivilegeOperatePersistence { } } } else if (revokeaction.implies(persistedAction)) { - /** + /* * if the revoke action is equal to the persisted action and they aren't ALL action * directly remove the role from privilege */ persistedPriv.removeRole(role); pm.makePersistent(persistedPriv); } - /** + /* * if the revoke action is not equal to the persisted action, * do nothing */ @@ -358,13 +358,13 @@ public class PrivilegeOperatePersistence { /** * Drop any role related to the requested privilege and its children privileges */ - public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) { + public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } - /** + /* * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ @@ -372,7 +372,7 @@ public class PrivilegeOperatePersistence { privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { - /** + /* * force to load all roles related this privilege * avoid the lazy-loading */ @@ -434,9 +434,9 @@ public class PrivilegeOperatePersistence { return privileges; } - public Set<PrivilegeObject> getPrivilegesByProvider(String component, - String service, Set<MSentryRole> roles, - List<? extends Authorizable> authorizables, PersistenceManager pm) { + Set<PrivilegeObject> getPrivilegesByProvider(String component, + String service, Set<MSentryRole> roles, + List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<PrivilegeObject> privileges = Sets.newHashSet(); if (roles == null || roles.isEmpty()) { return privileges; @@ -458,9 +458,9 @@ public class PrivilegeOperatePersistence { return privileges; } - public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, - String service, Set<MSentryRole> roles, - List<? extends Authorizable> authorizables, PersistenceManager pm) { + Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, + String service, Set<MSentryRole> roles, + List<? extends Authorizable> authorizables, PersistenceManager pm) { Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); @@ -479,7 +479,7 @@ public class PrivilegeOperatePersistence { throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue()); - /** + /* * Get the privilege graph * populateIncludePrivileges will get the old privileges that need dropped */ @@ -487,7 +487,7 @@ public class PrivilegeOperatePersistence { privilegeGraph.addAll(populateIncludePrivileges(null, oldPrivilege, pm)); for (MSentryGMPrivilege dropPrivilege : privilegeGraph) { - /** + /* * construct the new privilege needed to add */ List<Authorizable> authorizables = new ArrayList<Authorizable>( @@ -499,7 +499,7 @@ public class PrivilegeOperatePersistence { component,service, authorizables, dropPrivilege.getAction(), dropPrivilege.getGrantOption()); - /** + /* * force to load all roles related this privilege * avoid the lazy-loading */ @@ -513,16 +513,16 @@ public class PrivilegeOperatePersistence { } } - private BitFieldAction getAction(String component, String name) { + private BitFieldAction getAction(String component, String name) throws SentryUserException { BitFieldActionFactory actionFactory = getActionFactory(component); BitFieldAction action = actionFactory.getActionByName(name); if (action == null) { - throw new RuntimeException("Can not get BitFieldAction for name: " + name); + throw new SentryUserException("Can not get BitFieldAction for name: " + name); } return action; } - private BitFieldActionFactory getActionFactory(String component) { + private BitFieldActionFactory getActionFactory(String component) throws SentryUserException { String caseInsensitiveComponent = component.toLowerCase(); if (actionFactories.containsKey(caseInsensitiveComponent)) { return actionFactories.get(caseInsensitiveComponent); @@ -534,11 +534,11 @@ public class PrivilegeOperatePersistence { return actionFactory; } - private BitFieldActionFactory createActionFactory(String component) { + private BitFieldActionFactory createActionFactory(String component) throws SentryUserException { String actionFactoryClassName = conf.get(String.format(ServiceConstants.ServerConfig.SENTRY_COMPONENT_ACTION_FACTORY_FORMAT, component)); if (actionFactoryClassName == null) { - throw new RuntimeException("ActionFactory not defined for component " + component + + throw new SentryUserException("ActionFactory not defined for component " + component + ". Please define the parameter " + "sentry." + component + ".action.factory in configuration"); } @@ -546,10 +546,10 @@ public class PrivilegeOperatePersistence { try { actionFactoryClass = Class.forName(actionFactoryClassName); } catch (ClassNotFoundException e) { - throw new RuntimeException("ActionFactory class " + actionFactoryClassName + " not found."); + throw new SentryUserException("ActionFactory class " + actionFactoryClassName + " not found."); } if (!BitFieldActionFactory.class.isAssignableFrom(actionFactoryClass)) { - throw new RuntimeException("ActionFactory class " + actionFactoryClassName + " must extend " + throw new SentryUserException("ActionFactory class " + actionFactoryClassName + " must extend " + BitFieldActionFactory.class.getName()); } BitFieldActionFactory actionFactory; @@ -558,7 +558,7 @@ public class PrivilegeOperatePersistence { actionFactoryConstructor.setAccessible(true); actionFactory = (BitFieldActionFactory) actionFactoryClass.newInstance(); } catch (NoSuchMethodException | InstantiationException | IllegalAccessException e) { - throw new RuntimeException("Could not instantiate actionFactory " + actionFactoryClassName + + throw new SentryUserException("Could not instantiate actionFactory " + actionFactoryClassName + " for component: " + component, e); } return actionFactory;
